A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift

Error:

<Mar 14, 2018 9:13:36 AM IST> <Error> <Security> <BEA-090870> <The realm "myrealm" failed to be loaded: weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift..

weblogic.security.service.SecurityServiceException: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift. at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealm(CommonSecurityServiceManagerDelegateImpl.java:466)at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadRealm(CommonSecurityServiceManagerDelegateImpl.java:841at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initializeRealms(CommonSecurityServiceManagerDelegateImpl.java:870)at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1032) at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)Truncated. see log file for complete stacktrace

Caused By: com.bea.common.engine.ServiceInitializationException: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift. at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:365)at com.bea.common.engine.internal.ServiceEngineImpl.findOrStartService(ServiceEngineImpl.java:315)at com.bea.common.engine.internal.ServiceEngineImpl.lookupService(ServiceEngineImpl.java:257)at com.bea.common.engine.internal.ServicesImpl.getService(ServicesImpl.java:72)at weblogic.security.service.CSSWLSDelegateImpl.getService(CSSWLSDelegateImpl.java:155)

 Truncated. see log file for complete stacktrace

Caused By: weblogic.security.spi.ProviderInitializationException: A failure occurred attempting to load LDIF for provider Authorizer from file /u03/wlserver_10.3/server/lib/XACMLAuthorizerInit.ldift at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadFullLDIFTemplate(BootStrapServiceImpl.java:910) at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFTemplate(BootStrapServiceImpl.java:688) at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:176)  at com.bea.common.store.bootstrap.internal.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:160)at com.bea.common.security.internal.service.BootStrapServiceImpl.loadLDIFXACMLAuthorizerTemplate(BootStrapServiceImpl.java:106)Truncated. see log file for complete stacktraceCaused By: <openjpa-1.1.1-SNAPSHOT-r422266:1172209 fatal store error> kodo.jdo.FatalDataStoreException: The transaction has been rolled back.  See the nested exceptions for details on the errors that occurred at org.apache.openjpa.kernel.BrokerImpl.newFlushException (BrokerImpl.java:2170)

        at org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2017

        at org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:1915)

        at org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:1833) at org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)

        Truncated. see log file for complete stacktrace Caused By: <openjpa-1.1.1-SNAPSHOT-r422266:1172209 fatal store error> kodo.jdo.FatalDataStoreException: error result

        at com.bea.common.ldap.LDAPStoreManager.flush(LDAPStoreManager.java:341)

        at org.apache.openjpa.abstractstore.AbstractStoreManager.flush(AbstractStoreManager.java:277)

        at org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:130)

        at org.apache.openjpa.datacache.DataCacheStoreManager.flush(DataCacheStoreManager.java:571)

        at org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:130)

        Truncated. see log file for complete stacktrace

Caused By: netscape.ldap.LDAPException: error result (49); Invalid credentials

        at netscape.ldap.LDAPConnection.checkMsg(Unknown Source)

        at netscape.ldap.LDAPConnection.simpleBind(Unknown Source)

        at netscape.ldap.LDAPConnection.authenticate(Unknown Source)

        at netscape.ldap.LDAPConnection.authenticate(Unknown Source)

        at netscape.ldap.LDAPConnection.bind(Unknown Source)

        Truncated. see log file for complete stacktrace

> 

<Mar 14, 2018 9:13:36 AM IST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>

<Mar 14, 2018 9:13:36 AM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:

There are 1 nested errors:

weblogic.security.service.SecurityServiceRuntimeException: [Security:090399]Security Services Unavailable

        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:917)

        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)

        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)

        at weblogic.security.SecurityService.start(SecurityService.java:141)

        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)

        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)

        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)

> 

<Mar 14, 2018 9:13:36 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>

<Mar 14, 2018 9:13:36 AM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>

<Mar 14, 2018 9:13:36 AM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

CAUSE

The root cause is that the RDBMS Tables are not created in the Security Datastore.

SOLUTION 1

Check the following two points as they may be the cause of the reported issue:

1) OPSS Schema

BEAXACMLAP table that is causing the ORA-00092 is the table in the OPSS schema.

Please check whether the BEAXACMLAP table exists in the OPSS schema. 

If this table not exist, perhaps you may not have run the 'rdbms_security_store_oracle.sql'.

Related Information: Note:1327167.1 - WebLogic Server Cannot Start Up with RDBMS Security StoreDelete Reference

2) Database user

Please check the correct database user.

SOLUTION 2

Before booting the domain, the RDBMS tables need to be created in the database:

Specify the same connection properties, including the credentials of the user who has access, the database URL, etc., as specified for that RDBMS during domain creation.

Run the appropriate script to create RDBMS tables. There are a set of SQL scripts for creating/removing RDBMS tables under WL_HOME/server/lib: e.g., for Oracle DB, rdbms_security_store_oracle.sql is to create RRDBMS tables and rdbms_security_store_oracle_remove.sql is to remove these tables.

For details, please refer to "Create RDBMS Tables in theSecurity Datastore" in

http://www.oracle.com/pls/as1111/lookup?id=SECMG346

Thanks,
Aditya.

TIPS: Change Database Hostname After OAM security store configured

Change Database Hostname After OAM security stored configured

Issue: 

Database Hostname need to be changed after OAM security store is configured.

Changes: 

1. Login to Weblogic console and modify below connection pools 
1. Navigate to "Services > Datasources > oamDS > Connection Pool" and modify connection details
2. Navigate to "Services > Datasources > opss-DBDS > Connection Pool" and modify connection details.
3. If weblogic console is not accessible then modify two files "oam-db-jdbc.xml and opss-jdbc.xml" under <MW_HOME>/user_projects/domains/base_domain/config/jdbc.
2. Login to server and navigate to below location.
1. <MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/
2. Modify jps-config-jse.xml, jps-config-migration.xml and jps-config.xml  file
3. Modify "jdbc.url" property and update with new hostname.
3. Restart Admin server and managed server.
4. Repeat step 2 in all your cluster nodes.

Expected Error if  jps-config-jse.xml, jps-config-migration.xml and jps-config.xml  files not modified.

Info: Data source is: opss-DBDS

[EL Severe]: 2017-03-14 20:39:37.575--ServerSession(1547285287)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException

Internal Exception: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection

Error Code: 17002

Mar 14, 2017 8:39:37 PM oracle.security.jps.internal.common.config.AbstractSecurityStore getSecurityStoreVersion

WARNING: Unable to get the Version from Store returning the default. Reason: java.net.ConnectException: Connection refused.

[EL Severe]: 2017-03-14 20:39:37.978--ServerSession(1619843188)--Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException

Internal Exception: java.sql.SQLRecoverableException: IO Error: The Network Adapter could not establish the connection

Error Code: 17002

Mar 14, 2017 8:39:37 PM oracle.security.jps.internal.credstore.ldap.LdapCredentialStore init

WARNING: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-00027: There was an internal error: java.net.ConnectException: Connection refused

JPS-01055: Could not create credential store instance. Reason oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-00027: There was an internal error: java.net.ConnectException: Connection refused

Error: Diagnostics data was not saved to the credential store.

Error: Validate operation has failed.

Need to do the security configuration first!

Thanks

Kiran Pokuri

How to Create CLOUD Oracle Database Service

CLOUD ORACLE DATABSE 12C SERVICE

Generate SSH Key Pair Using SSH Key Generator

Select type of key as SSH-2 RSA.

No.of bits as 2048.

Click on Generate.

• Key Will be Generated as below screen shot.

• Click on Save Private Key to save key with extension .ppk.

• Click on Conversions on Putty Key Generator and and click in Export Open SSH Key.
• Save the Key with extension .ssh.

• Copy the content under Public key for pasting into OpenSSH authorized_keys  in Putty Key generator and save as .pub file

 

• Login to Database Cloud Service Console.
• Click on Create Instance.

• Select the Database version 11g or 12c.

• Select the software edition.

• Enter Service Name, Description.
• SSH Public Key upload .pub file which is created in Putty Key generation.
• Setup the Administrators password.
• Click Next. 

• Verify the summary. Click on Create.

• Follow the Screen shot to modify the Access Policies.

• Enable ora_p2_dblistener and ora_p2_httpssl 

• Connect to Cloud Oracle Database using SQL Developer.

Thanks !

TIPS: SQL query to search OAAM 11g User security questions registered in database

Query:

select question from v_user_questions where question_id in (select question_id from v_user_qa where user_id in (select user_id from vcrypt_users where login_id = 'spokuri') and answer != 'null');

-- Siva Pokuri.

Oracle Entitlements Server WebService SM XACML calls with Sample WebApplication Demo

-- Siva Pokuri

How to integrate Oracle Unified Directory EUS with Oracle DataBase 11g

Pre-requisites:

1. OUD installed
2. Oracle Database installed

Step 1: Configure OUD instance

Step 2: Configure database with OUD Enterprise User Security Store

3. Configure Oracle 11g database Enterprise User Security(EUS) to OUD

4) Test Oracle database login with one of OUD user.

-- Siva Pokuri